Wed Mar 18 2026

GIFT City (IFSC) as India’s global collaboration hub for compliance, cross-border business, and financial connectivity

IFSCA AML/CFT & KYC Guidelines (2022): Summary of Amendatory Circular (02 Jan 2026)

The International Financial Services Centres Authority (IFSCA) issued an amendatory circular (F. No. IFSCA-DAC/7/2024-AMLCFT, dated 02 January 2026) introducing amendments and clarifications to the IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022. The changes are effective immediately and are aimed at strengthening customer due diligence, improving transparency, and streamlining compliance for Regulated Entities (REs) operating in IFSCs.

This post is a product/compliance-oriented summary to help teams update processes. Always read the circular and the updated guidelines before implementing.

Key amendments and insertions (what changed)

1) Applicability and exemptions

  • Covered REs: REs licensed/recognised/registered/authorised by IFSCA continue to be covered.
  • New discretion: IFSCA may exempt specific entities or activities.
  • Newly exempted categories (still expected to conduct Business Risk Assessment):
    • Global In-House Centres
    • International Branch Campuses / Offshore Education Centres
    • Financial Crime Compliance Service Providers
    • Financial Institutions serving only their Financial Group (subject to not being in FATF high-risk jurisdictions)

What to do

  • Policy: Update applicability scoping and exemption handling.
  • Controls: Keep risk assessment and basic AML governance even where exempted.

2) New definition: KYC Registration Agency (KRA)

  • KRA introduced with reference to upcoming IFSCA KRA Regulations, 2025.

What to do

  • Readiness: Track KRA regulation rollout; prepare data/consent flows for KRA-based KYC reuse, where applicable.

KYC & Customer Due Diligence (CDD) updates

3) Officially Valid Documents (OVDs): equivalent e-documents permitted

  • Equivalent e-documents of OVDs are now acceptable (e.g., digital equivalents subject to authenticity controls).

What to do

  • Process: Accept and validate e-docs; align your document validation rules and storage format.
  • Audit: Preserve integrity evidence (digital signature/QR validation logs where available).

4) Customer risk categorization: confidentiality requirement

  • Risk classification and the reasons must remain confidential to prevent tipping-off.

What to do

  • UI/ops: Ensure customer communications never reveal internal risk grading or rationale.
  • Access control: Limit visibility to compliance roles; add need-to-know permissions.

5) Beneficial ownership (BO): enhanced due diligence for Indian nationals

  • Enhanced Due Diligence (EDD) is mandated where the beneficial owner is an Indian national, irrespective of the customer’s risk category, to mitigate round-tripping risk.

What to do

  • BO workflows: Add an “Indian-national BO” trigger for EDD.
  • EDD pack: Strengthen source of funds/source of wealth checks and documentary expectations for such cases.

6) Persons with Disabilities (PwDs): rejection safeguards

  • KYC applications of PwDs cannot be rejected without proper reasoning.

What to do

  • Case notes: Make “reasoned decision + recorded justification” mandatory if rejecting.
  • QA: Add review checks to avoid arbitrary rejections.

7) Periodic KYC updates for Resident Indians

Updated periodic update timelines (Resident Indians):

Risk category | Periodic KYC update
High risk     | Every 2 years
Medium risk   | Every 8 years
Low risk      | Every 10 years

Additional clarification:

  • If there is a conflicting risk classification between group entities, apply the stricter timeline.

What to do

  • Scheduler: Align KYC refresh jobs with the new time horizons.
  • Group logic: Implement “most stringent wins” rule where group-level mismatch exists.

  • REs must report Designated Director and Principal Officer details to FIU-IND and IFSCA.
  • STR filing cannot be the sole reason to restrict customer transactions.
  • Outdated FIU-IND contact details have been removed from the guideline text.

What to do

  • Reg reporting: Confirm your FIU-IND + IFSCA filings include current DD/PO details and change management.
  • Transaction controls: Ensure blocks/freezes are driven by policy triggers beyond “STR filed” alone (e.g., legal orders, sanctions, fraud confirmation, internal risk rules).

Aadhaar and e-KYC clarifications

  • Biometric e-KYC (including Aadhaar face authentication) is permissible via REs / business facilitators, subject to the applicable framework.
  • Aadhaar usage must comply strictly with the Aadhaar Act and associated regulations.

What to do

  • Compliance: Validate your Aadhaar flows for consent, purpose limitation, storage restrictions, and audit trails.
  • Vendor management: Ensure facilitators/partners have compliant operating models and contracts.

V-CIP (Video-based KYC) for NRIs: updated country list + account activation control

The circular clarifies/updates the eligible countries/jurisdictions for NRI V-CIP:

Eligible list (highlight)

  • USA
  • Japan
  • South Korea
  • United Kingdom (excluding BOT)
  • Canada
  • UAE
  • Singapore
  • Australia
  • European Union (excluding Croatia)

Note: BOT refers to the UK’s British Overseas Territories.

Additional condition:

  • If current address cannot be verified, open the account in debit freeze / inactive mode until the customer completes activation requirements.

What to do

  • Eligibility: Update your V-CIP “country allowlist” logic.
  • Product control: Add an automated “freeze/inactive” state when address verification is pending.

Additional clarifications affecting operations

Transactions and accounts (IFSC routing)

  • All monetary transactions by Financial Institutions in IFSC must be routed through an account with a Banking Unit in the IFSC.

What to do

  • Payment rails: Review settlement and collection flows to ensure IFSC banking unit routing.

Non-Profit Organizations (NPOs)

  • Religious/charitable trusts per the Income Tax Act are included as NPOs.
  • REs must register NPO client details on the NITI Aayog DARPAN Portal and retain records for five years post account closure.

What to do

  • Onboarding: Add DARPAN portal registration verification/recording for NPO clients.
  • Retention: Align retention schedule to “5 years after closure” for the relevant records.

NRI onboarding: documents to capture (practical checklist)

A) One OVD (mandatory)

Collect any one:

  • Passport (most common)
  • Driving Licence
  • Voter ID
  • NREGA Job Card
  • NPR Letter
  • Aadhaar (only for those who have it)

B) Additional KYC documents (non-OVD, but required)

Use these to establish address and NRI status:

  • Visa / Residence Permit / Work Permit
  • Overseas utility bill or bank statement
  • OCI/PIO card (if applicable)

For NRIs without Aadhaar/PAN, collect:

  1. Passport (OVD for identity)
  2. Visa / Residence Permit (NRI status)
  3. Overseas address proof (utility bill / bank statement)

Implementation checklist (quick actions for compliance teams)

  • Policy updates: Incorporate exemption handling, risk confidentiality, BO EDD triggers, PwD safeguards.
  • Systems: Update KYC refresh timers, V-CIP country allowlist, and freeze/inactive account state logic.
  • Reporting: Validate FIU-IND + IFSCA reporting of Designated Director and Principal Officer details.
  • Records: Enforce NPO DARPAN registration capture and post-closure retention (5 years).
  • Training: Refresh frontline SOPs (especially “no tipping off”, PwD handling, and STR implications).